
Bug#952687: marked as done (openssh-server: no connectivity with vx.connectbot: no matching key exchange method found (FYI documentation))



Your message dated Thu, 27 Feb 2020 15:52:52 +0000
with message-id <20200227155252.GJ5390@riva.ucam.org>
and subject line Re: Bug#952687: openssh-server: no connectivity with vx.connectbot: no matching key exchange method found (FYI documentation)
has caused the Debian Bug report #952687,
regarding openssh-server: no connectivity with vx.connectbot: no matching key exchange method found (FYI documentation)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
952687: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952687
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:8.2p1-3
Severity: wishlist
Tags: upstream wontfix

Feb 27 16:00:07 tglase-nb sshd[11219]: Unable to negotiate with 192.168.178.24 port 42930: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]

This is vx.connectbot, a well-known Android SSH client.

To restore connectivity put…

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1

… into /etc/ssh/sshd_config and restart sshd. Note that this
will lower the security level of your server and probably not
work any more at some point in the future.

-- System Information:
Debian Release: bullseye/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages openssh-server depends on:
ii  adduser                    3.118
ii  debconf [debconf-2.0]      1.5.73
ii  dpkg                       1.19.7
ii  libaudit1                  1:2.8.5-2+b1
ii  libc6                      2.29-10
ii  libcom-err2                1.45.5-2
ii  libcrypt1                  1:4.4.10-10
ii  libelogind0 [libsystemd0]  241.3-1+debian3
ii  libgssapi-krb5-2           1.17-6
ii  libkrb5-3                  1.17-6
ii  libpam-modules             1.3.1-5
ii  libpam-runtime             1.3.1-5
ii  libpam0g                   1.3.1-5
ii  libselinux1                3.0-1+b1
ii  libssl1.1                  1.1.1d-2
ii  libwrap0                   7.6.q-30
ii  lsb-base                   11.1.0
ii  openssh-client             1:8.2p1-3
ii  openssh-sftp-server        1:8.2p1-3
ii  procps                     2:3.3.16-2
ii  runit-helper               2.8.14
ii  ucf                        3.0038+nmu1
ii  zlib1g                     1:1.2.11.dfsg-2

Versions of packages openssh-server recommends:
ii  libpam-elogind [logind]  241.3-1+debian3
pn  ncurses-term             <none>
ii  xauth                    1:1.0.10-1

Versions of packages openssh-server suggests:
ii  kwalletcli [ssh-askpass]  3.02-1
ii  molly-guard               0.7.2
pn  monkeysphere              <none>
pn  ufw                       <none>

-- Configuration Files:
/etc/ssh/moduli changed [not included]

-- debconf information:
  openssh-server/permit-root-login: true
* ssh/use_old_init_script: true
  openssh-server/password-authentication: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
  ssh/vulnerable_host_keys:

--- End Message ---
--- Begin Message ---
On Thu, Feb 27, 2020 at 04:05:44PM +0100, Thorsten Glaser wrote:
> Package: openssh-server
> Version: 1:8.2p1-3
> Severity: wishlist
> Tags: upstream wontfix
> 
> Feb 27 16:00:07 tglase-nb sshd[11219]: Unable to negotiate with 192.168.178.24 port 42930: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
> 
> This is vx.connectbot, a well-known Android SSH client.
> 
> To restore connectivity put…
> 
> KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1
> 
> … into /etc/ssh/sshd_config and restart sshd. Note that this
> will lower the security level of your server and probably not
> work any more at some point in the future.

Indeed.  The change to the default key exchange proposal is already
documented in NEWS.Debian, so closing this bug.  I'm not going to keep
wontfix bugs open as documentation - there's enough in the bug list
already!

Has somebody already filed a bug against vx.connectbot?

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
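
Added example, not part of the original messages or of OpenSSH: a Python sketch that parses the sshd failure line quoted in the report and shows, per client, which key exchange method would be negotiated before and after the KexAlgorithms workaround. The function names, the second and third log lines, and the assumption that the server's earlier list equals the reported list minus its last entry are constructed for illustration.

```python
import re

# Format of the sshd failure message quoted in the report.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching key exchange method found\. Their offer: (?P<offer>\S+)"
)

# KexAlgorithms value from the report; assumed to be the earlier list plus one entry.
WORKAROUND_KEX = (
    "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
    "ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,"
    "diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1"
).split(",")
ORIGINAL_KEX = WORKAROUND_KEX[:-1]

SAMPLE_LOG = [
    # The first line is the one from the report; the other two are constructed.
    "Feb 27 16:00:07 tglase-nb sshd[11219]: Unable to negotiate with "
    "192.168.178.24 port 42930: no matching key exchange method found. "
    "Their offer: diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]",
    "Feb 27 16:02:11 tglase-nb sshd[11301]: Connection closed by "
    "192.0.2.10 port 50022 [preauth]",
    "Feb 27 16:03:40 tglase-nb sshd[11340]: Unable to negotiate with "
    "192.0.2.77 port 51515: no matching key exchange method found. "
    "Their offer: diffie-hellman-group1-sha1 [preauth]",
]

def negotiate(client_offer, server_kex):
    """First method on the client's list that the server also lists, else None.
    Simplified: ignores the host key compatibility conditions of the protocol."""
    return next((alg for alg in client_offer if alg in server_kex), None)

def audit(lines, before, after):
    """For each logged failure, report what each server list would negotiate."""
    report = []
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            offer = m.group("offer").split(",")
            report.append({
                "client": m.group("ip"),
                "sha1_only": all(a.endswith("-sha1") for a in offer),
                "before": negotiate(offer, before),
                "after": negotiate(offer, after),
            })
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, ORIGINAL_KEX, WORKAROUND_KEX))
```

On a live server the effective list can be read from the `kexalgorithms` line of `sshd -T` instead of being hard-coded.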
